Can you Trust Free Anti-Virus?

I ran across an interesting article the other day that questions whether a user can rely upon free anti-virus: http://tech.blorge.com/Structure:%20/2009/07/04/symantec-its-dangerous-to-rely-on-free-antivirus/. The source of the quotes in the article is of course one of the big paid anti-virus companies. And it erroneously concludes that free products cannot be trusted, are not sufficient, etc. But then again why should a firm that makes a billion dollars a year off of paid anti-virus conclude that a free anti-virus product is good…..

The article does make very good points about what is needed in a security product. Its only error is in concluding that a free product does not provide these capabilities. So, here are the points the article makes and why they are wrong (at least for avast):

1. Free antivirus does not provide the protection to avoid identity theft. This is wrong. Malware focused on stealing identity information is just malware. In principle it is not any different from malware focused on hijacking your computer, deleting your data, etc. There is really no difference in detecting this malware. Avast’s ability to detect malware is unquestioned and is always at or near the top of malware detection tests. Talking about identity theft here is just marketing hype. Users are rightfully concerned about protecting their identity information. But, we and everyone else do that by protecting the user against malware. Unlike others we just don’t hype it…..maybe we should.

2. There is a big gap between what free antivirus protects against and the current threat landscape. This is wrong. The spokesperson is wrongly assuming that antivirus products do the same as what they did 10 years ago. In those days, an antivirus product looked at an executable file (exe) and based on some mathematics (e.g. signature) decided whether it was a virus. This approach is not very useful these days. Instead one needs what is called “defense in depth”. One must catch the infection much earlier. These days the most common way of getting infected is over the web—by browsing web pages that are dirty or hijacked. Detecting these infections is one of the things that avast excels at. Our free product protects not only against the execution of malware but we also have heuristic detections, unmatched detections of infected JavaScript, web shields, and behavior detections. This is at least equal to, and sometimes better than, what is available in a paid product.

3. Attackers are targeting legitimate websites…..implying that free antivirus is ineffective in these situations. This is wrong. While the statement that attackers are targeting legitimate websites is correct, the implication that only a paid product can protect against this scenario is absolutely wrong. In fact, I would be willing to bet that our free product provides as good or better protection against this scenario than any of the paid products.

4. Antivirus should be a last defense. This statement is true in a technical sense. The spokesperson is using the very strict definition of antivirus that I described in point #2 above. But the fact is with avast there are many layers of defense and the strict definition of antivirus is in fact the last layer.

5. Free antivirus may not protect against drive-by downloads that target the browser or browser plug-ins. This is wrong. Avast provides just as much protection, if not more, against these threats as the major paid products. The vast majority of threats we currently see are of this type—they are typically JavaScript infections on web pages. Here we believe no one does a better job of detecting these threats than us.

6. Free antivirus only provides the last layer of defense and that is inadequate. This is wrong. Avast provides all the layers that the paid products provide.

7. Free antivirus firms don’t have the resources to stay on top of all the security threats. This is wrong. Companies do not scale their security research based on their revenue or number of users. I would bet our security research organization is of a similar size to that of the large paid providers. Our success in published malware detection tests shows that we are just as good as, if not better than, the paid providers. Instead, what the paid firms scale up is their marketing and sales organizations. While those firms may have hundreds of people in their marketing and sales organizations, we have just a few.

Now of course we do have a free and a paid product. And as I described in another posting, we are not entirely altruistic in providing the free product. But the free product is in fact very, very good. For many, if not most users it is perfectly sufficient. Our paid version does have some additional features—but the core security protection is very similar. Our upcoming Version 5 will also have additional features. But we do believe all users should have access to top notch security even if they can’t or won’t pay for it. That is why we have the free product.

Welcome to Avast!
True! Symantec is the most often pre-installed security product. On the security boards of my country (France), with users’ agreement, we uninstall Symantec’s.
True! Avast is the most famous free AV program. However, in my country, we uninstall it.

Just a few questions:
- why are there so many infected computers with Avast in them, on our forums?
- why don’t Avast teams respond to our false positive warning emails?
- why is Avast so slow in considering new malware variants?

If you want to discuss further, you’ve got my email addy…

ipl_001,
MS-MVP, Consumer Security

http://www.avast.com Michal Krejdl

Hi ipl_001, I’m a member of avast viruslab.

In a few points:
1) What do you mean by so many infected computers? How do you evaluate the seriousness of these infections? There are some single failures, of course (each AV has them), but we’re always trying to protect as many people as possible – the independent comparative tests confirm that we have no major lack in detections. Remember that we have about 80M users, there’s statistically a higher probability that you can see some single failure nearby. We have a great team at forum.avast.com, which is able to help the users to solve these failures (and it also helps us to improve the detections).
2) Our response is the fix of the submitted false positive. Now you also have an option to send us the FP directly from the warning dialog. Unfortunately people often have no clue what’s FP and what’s not and there’s a high percentage of users who are only putting garbage into our FP processing system (that makes the work much harder).
3) You aren’t right. We have famous detection capabilities for web-based malware (the most frequently used way to infect a PC) that other AV vendors never dreamt of. We were also the first who detected a new variant of patched user32 etc.

ipl_001

Hi Michal,

Thanks for your message.

I was a fan of Avast some years ago; I was advising it regularly.
I registered to your forum on August 23, 2007 and posted a request… I never received a response (I don’t know why but I don’t find any track of a single post nor a PM in my account).

My aim by commenting here was to see if there were some people alive. I must say that the aim has been hit as I received both an email and your post.

As an administrator on a French security forum, I won’t attack Avast here as I think it is not the location and I have to respect the author of the blog.

However:
-1-”so many infected computers” – As I wrote it, I am the administrator of a French forum specialized in malware cleaning. When an infected user comes to us for help, we take a look at his protections: we too often see Avast free AV (that didn’t say much to warn the user or stop the infection).
As an anecdote, as we asked a user to install an AV program for a scan, he told us “I prefer Avast as it didn’t bother me with so many messages”. He was happy with this but this is a clue of Avast being quiet while a “competitor” was popping up several times regarding the malware installed on the system.
In addition to my forum admin “duties”, I lead a kind of organization that brings together French security advisors responsible for oodles of other boards so that I get echoes from many other French forums…
-2-We (the members of the organization I was speaking about hereabove) know how to send a false positive to Avast… but we gave up about 2 years ago due to the lack of response.
-3-I’m sorry, our tests and research show that you are not quick enough regarding the recent variants: comparatives are good for you but if you are indeed good at detecting “old” malware, the danger mainly comes from the new one.

As I don’t want to have a public argument with you here, I won’t post any longer.

ipl_001

Sorry… some more words: I’ll continue via email.

ipl_001

Some more words… I’ll continue via email.

http://www.rejzor.tk RejZoR

@ipl_001
I find it hard to believe that no one ever replied to your question. There are at least 4 users (including me) that are on forums almost 24/7, helping users, answering questions, explaining things. Often even ALWIL official team members join in. The contact with ALWIL employees is incredible, trillion light years better than with any other company I worked with in the last few years. Maybe because I’m already hooked up but still, I try to give the same to other users. And so do others.

I have been using the free home edition for many years now and never faced any problem, and I think this free edition of Avast is much better than those with a high price. I recommend this to all.

http://legawa.com/blog Cahya

Well, yes, there were times when a virus (or other kinds of threats) spread widely in a local area. Well, yes, I once found that Avast failed to detect a type of virus for which I had submitted a sample of the infected file weeks before, which made my waiting for new updates that might solve my problem hopeless.

Well, yes, I found one local free antivirus software working nicely; it might find viruses/malware that Avast can’t yet detect at the same time. But I am not an expert on this; I can’t tell a false positive from a real threat. But in recent years, I never found any better reason but to stay with Avast.

And sure, not only the antivirus, but I love the web forum too. Maybe the paid product has something more, but for me Avast works perfectly fine.

http://www.avast.com Michal Krejdl

@ipl_001
I can give you some explanations
- as I’m facing lots of malware every day, I can see the results of other AV engines. I can mention a case of Wigon to illustrate the situation – Wigon killed all known antiviruses during its first raise. A majority of common users use Avast, so you can find many forum posts about avast failures but only few posts about failures of other engines even when they did exist. What I want to point out is also the nature of the infected users – would they get infected also with other AV or not? As I see the behavior of some users, I would bet, that they would.
- many things have changed during the last two years; we didn’t market them, but we know that they are quite successful in protecting the users (antirootkit based on the famous GMER core, URL blocker etc.).
- about the false positives: there are thousands of submissions per day, but the vast majority (over 98% of them for sure) are not real falses. Tell us how to process them as fast as possible and maybe we will hire you ;-). Anyway, the critical false positives are marked with higher priority and are fixed asap (in the next VPS update since the FP arrival).
- I’m not telling you that we’re perfect at all, but we have a really strong and accurate detection of web-based malware, which makes the entry gate for the malware to come inside in most cases. It’s always a cat & mice game and we know that some other AV engines are better in detecting some types of malware – we also are, but in different types (not a single AV is perfect). If you know how to be more proactive, we are always open to get some interesting hints.

Taofeeq L

Well, yes, I found one local free antivirus software working nicely; it might find viruses/malware that Avast can’t yet detect at the same time. But I am not an expert on this; I can’t tell a false positive from a real threat. But in recent years, I never found any better reason but to stay with Avast.

And sure, not only the antivirus, but I love the web forum too. Maybe the paid product has something more, but for me Avast works perfectly fine.

Peter

I like avast home edition, it works very well, and I had already used it for three years, thank you

vlk

ipl_001, let’s chat on the forum. We’d be interested in finding out more about the problem.

Cheers
Vlk

Sara

Yes I trust avast – it works and the proof is in the fact that I can write here. Good stuff ppl and keep it up!

I also read that same feature. Most FREE AV provide the core protection you mention, In my opinion, avast! is one of the leading AV protection suites with particular emphasis on ease of use; performance; and the unique boot scan to name a few. Symantec are a leading AV brand (as you well know), but I suspect the article is a case of ‘sour grapes’. I have though researched consumer behaviour over the past 5 years when it comes to ‘purchasing AV’ – we sampled some of our members, and were surprised to find that most users (55%) thought FREE AV ‘couldn’t provide the same level of protection as a PAID solution’ – but another question pointed to why users thought this – and the answer will not surprise you – ‘brand awareness’. So really speaking, users identify with the Symantec, McAfee and CA’s of this world as these are often included pre-installed (something you have also highlighted) on OEM computers – so you could say our original question was a little misleading given the fact users only see the Symantec and McAfee brand when they first switch on their new computers. Anything else and they think ‘it’s free, so why don’t Symantec or McAfee’ provide a FREE AV solution?’ In essence, the more FREE avast!is downloaded by users the better (and these users should convert in time to the PAID version), as people realize that the FREE version is in fact as good as and in some cases better than ‘other’ subscriber versions.

Best
Julian
IDTP

Arthur

Perhaps it is that avast! users are more tech-savvy and are more likely to report problems? In my experience most users of pre-installed antivirus products struggle to do anything beyond basic browsing and word-processing.
Anyway, in the latest virus bulletin test (www.virusbtn.com), avast! passed, whereas symantec’s product did not. So it really would seem that there is no merit to that article at all.

2. I can’t believe that this marketing bla-bla-bla can be considered technically… We’re just paying their sales and marketing team…

3. About the avast submission process, well, Michal Krejdl, there is room for improvement. Some complaints are in the forum also.

Michal Krejdl :
Unfortunately people often have no clue what’s FP and what’s not and there’s a high percentage of users, which are only putting garbage to our FP processing system (that makes the work much harder).

If you’re saying that false positives are submitted by avast virus warning, why should the user send garbage to you. You’re detecting it, you’re requiring the file, so it’s up to you. Well, I think email submission is not the way to get samples.

ipl_001 :
Comparatives are good for you but if you are indeed good at detecting “old” malware

Well, when comparatives are good for the others, then sorry avast. When avast get it gold, well, comparatives are not that important. We need consistency here.

Scout

I just want to make a suggestion… uhm, can you include script blocking in avast home version 5.0, the next release? Because I’m interested to see that a free virus program will have the same modules as the pro version. I will be glad to see that day. Thank you Alwil Software!!

http://www.avast.com Michal Krejdl

@Tech
There are lots of real infections in the submissions, I call them garbage, because they would not flood our system when the users would use virustotal, our forums or any kind of thinking. It’s quite roughly written, but you hopefully know what I mean.

http://warbandit.exteen.com Ratcicle

Some big vendors are paranoid about some users choosing free antivirus over them.
However I don’t care about a brand,
I’ll buy antivirus software by thinking about price and security first.

Marlene

I presently have the free home edition, however, I’d like to purchase the Pro Edition. Do I need to uninstall the Home Edition first and then download the Pro Edition?

Though I’m no expert in this field, as a home user I play a lot with antivirus and other security applications. Avast home edition is OK as long as you don’t surf adult sites and cracks and serials websites. I have been a year-long user of Avast. For a home user who doesn’t surf much and doesn’t dig deep into the internet, Avast is a perfect solution. I have had instances when a friend of mine came with a complaint that his PC crashed as soon as he inserted a pen drive. I believe Avast doesn’t give enough protection for USB drives. This was not just one incident. Recently I tried Kaspersky; it gives very few false positives, especially with keygens. I think Avast too gives many false positives; it’s a matter to be looked into. Rather than a mere antivirus, Avast should be upgraded to an Internet Security Suite as you promised with Avast 5. Hopefully it’s available for free like the home edition. One perfect supplement to Avast home edition is a good antispyware. Personally I prefer SpyCatcher Free or SpyTerminator. What Avast alone couldn’t do, this solution provided as a next layer of shield. I’ll recommend the use of a combo pack, meaning Avast home edition and SpyCatcher FREE, for hardcore Internet geeks.

http://tashiwangdi.blogspot.com/ tashi

I remember a day while surfing through some adult site, my PC got infected by a virus. Avast did detect it but was unable to delete, heal or quarantine it. Then my PC started behaving abnormally. I click one page and a page somewhere else opens up. I just couldn’t do any work at the PC normally despite closing the internet service. Then I gave a full scan with Avast Antivirus home edition. Avast still detects it but it’s unable to remove it. Sometimes a pop-up comes out, saying “your PC is infected” and you need to download a high tech Antivirus. This pop-up harassed me to such an extent that I formatted my Windows and fresh installed it. With my personal bad experiences with Avast, I have migrated to Rising Antivirus Free edition. It’s a very good antivirus. Till now I never had any problem with Rising antivirus, unlike with Avast, even when I browse underground sites. It has better spyware and rootkit detection and easily contains new viruses.

Robert Garcia

I cannot open your free Avist virus protector. A little virus will not let me. What can I do? Will your professional version solve all my problems?

http://www.avast.com Vincent Steckler

@Robert Garcia
Hello Robert. Are you having problems with “avast” or “avist”? I am not sure your use of “avist” was a typo or not. Anyways, post a question on the forum (forum.avast.com) and I am sure they can help you.

http://www.avast.com Vincent Steckler

@tashi
Sorry for the troubles Tashi. I am not sure what the issue was or even if it was related to avast. But, I am sure that folks on the forum (forum.avast.com) would have helped you. Anyways, I think you will be disappointed in your new product–take a look at the newest VB100 (where it is near the bottom) scores and other scores.

Justin William

Hi Vincent,

Have used other anti-virus software and had my PC crash due to viruses and trojans. Ever since I have switched over to AVAST, I have had no problems so far and I can browse in peace. Thank you for such a great product. I am an AVAST fan for life.

No# 1 security on the planet is you! Of course, you need to stay away from dangerous websites and torrents. I am not claiming that you’re better off w/o an AV software. I’d definitely recommend avast free edition over anything else…

Now, on to some real life experience… I’ve been w/o AV for quite some time and had no viruses at all. I am well aware of the risks I am taking, but my point is clear. Perhaps, I’ll download and install Avast free edition as I don’t have the sufficient funds to accommodate the price.

People’s computers become infected even w/ AV software because they think they can visit potentially dangerous websites with the AV protection on. True, your AV will protect you, but what if the websites contain new virus which is undetected by “Heuristic” engine?

In conclusion, have decent AV protection, stay away from potentially dangerous websites and don’t you dare click on any *.exe, *.com, *.bat and even image based extensions as they may have viruses injected in them.

http://www.avast.com Vincent Steckler

@Leonid
Hello Leonid. Thanks for the vote of confidence but please load the free Avast onto your computer. The vast majority of all infections we see come from innocent sites. It is not people visiting dangerous websites or executing .exe, .com, or .bat. It is people visiting a legitimate website that has been hijacked. Yes a security product will not catch 100%–especially of brand new infections. But they will catch far more than the 0% your approach will……

And you don’t necessarily know you are without viruses. You should really run a check and see if that is true….

Alwil should accept donations for the Avast Home, like Spybot Search & Destroy, SUPERAntiSpyware and Openoffice.org do with their software.
Greetings from Chile of Juan, a fan of Avast Home.

Juan Silva

The user donations from around the world, are a good way to permanently strengthen Avast Home.

Juan Silva

Avast can beat Avira and AVG. I even think that Avast can become the best antivirus in the world. However, Avast Home must always remain strong, and that should be done through donations from around the world.